Lucene search
K

90 matches found

Nuclei
Nuclei
added yesterday24 views

SugarCRM - Unauthenticated Remote Code Execution via PHP Object Injection

A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the restdata parameter before passing it to the...

9.3CVSS6.5AI score0.02971EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:7 p.m.8 views

CVE-2026-55412

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

8.3CVSS5.9AI score0.00193EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/12 6:28 p.m.12 views

EUVD-2026-32588

Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL...

8.1CVSS5.2AI score0.00257EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.11 views

CVE-2026-46830

Vulnerability in Oracle REST Data Services component: Mongoapi. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability...

5.3CVSS5.4AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.11 views

CVE-2026-46843

Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability can...

5.3CVSS5.4AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.9 views

CVE-2026-46841

Vulnerability in Oracle REST Data Services component: General. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability c...

5.3CVSS5.4AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.12 views

CVE-2026-46842

Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability can...

5.3CVSS5.4AI score0.00183EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.11 views

CVE-2026-46775

Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data...

9.9CVSS5.4AI score0.00431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.12 views

CVE-2026-46839

Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data...

9.9CVSS5.5AI score0.00352EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.11 views

CVE-2026-46840

Vulnerability in Oracle REST Data Services component: Backend-as-a-Service. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in...

10CVSS5.4AI score0.00725EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:9 p.m.10 views

CVE-2026-35266

Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks require human interaction...

7.9CVSS5.5AI score0.00115EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.9 views

Oracle REST Data Services (CSPU May 2026)

The version of Oracle REST Data Services ORDS installed on the remote host is 24.2.0 through 26.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the May 2026 Critical Security Patch Update CSPU advisory. - Vulnerability in Oracle REST Data Services component:...

10CVSS5.6AI score0.00725EPSS
Exploits1References12
GithubExploit
GithubExploit
added 2026/05/29 4:15 p.m.173 views

Exploit for CVE-2026-46840

CVE-2026-46840 - Oracle ORDS Unauthenticated RCE via REST Back...

10CVSS6.3AI score0.00725EPSS
Exploits1
NCSC
NCSC
added 2026/05/29 12:20 p.m.17 views

Vulnerabilities in Oracle Database Server

Oracle has identified vulnerabilities in Oracle REST Data Services versions 24.2.0 to 26.1.0 and Oracle Database Server versions 23.4.0 to 23.26.2. The vulnerabilities in Oracle REST Data Services allow attackers with low privileges and network access via HTTPS to perform various actions without...

10CVSS5.9AI score0.01127EPSS
Exploits2References1
NVD
NVD
added 2026/05/28 9:16 p.m.20 views

CVE-2026-46843

Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability can...

5.3CVSS0.00258EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 9:16 p.m.18 views

CVE-2026-46840

Vulnerability in Oracle REST Data Services component: Backend-as-a-Service. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in...

10CVSS0.00725EPSS
Exploits1References1
NVD
NVD
added 2026/05/28 9:16 p.m.12 views

CVE-2026-46841

Vulnerability in Oracle REST Data Services component: General. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability c...

5.3CVSS0.00215EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 9:16 p.m.23 views

CVE-2026-46839

Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data...

9.9CVSS0.00352EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 9:16 p.m.21 views

CVE-2026-46829

Vulnerability in Oracle REST Data Services component: Mongoapi. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability...

7.5CVSS0.00273EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 9:16 p.m.16 views

CVE-2026-46775

Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data...

9.9CVSS0.00431EPSS
Exploits0References1
Rows per page
Query Builder